chore(deps): update dependency undici to v6 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
undici (source)	6.6.2 -> 6.11.1

GitHub Vulnerability Alerts

CVE-2024-30260

Impact

Undici cleared Authorization and Proxy-Authorization headers for fetch(), but did not clear them for undici.request().

Patches

This has been patched in nodejs/undici@6805746.
Fixes has been released in v5.28.4 and v6.11.1.

Workarounds

use fetch() or disable maxRedirections.

References

Linzi Shang reported this.

• https://hackerone.com/reports/2408074
• GHSA-3787-6prv-h9w3

CVE-2024-30261

Impact

If an attacker can alter the integrity option passed to fetch(), they can let fetch() accept requests as valid even if they have been tampered.

Patches

Fixed in nodejs/undici@d542b8c.
Fixes has been released in v5.28.4 and v6.11.1.

Workarounds

Ensure that integrity cannot be tampered with.

References

https://hackerone.com/reports/2377760

---

Release Notes

nodejs/undici (undici)

v6.11.1

Compare Source

v6.11.0

Compare Source

v6.10.2

Compare Source

What's Changed

• Do not fail test if streams support typed arrays by @​mcollina in https://github.com/nodejs/undici/pull/2978
• fix(fetch): properly redirect non-ascii location header url by @​Xvezda in https://github.com/nodejs/undici/pull/2971
• perf: Remove double-stringify in setCookie by @​peterver in https://github.com/nodejs/undici/pull/2980
• [fix #​2982] use DispatcherInterceptor type for Dispatcher#Compose by @​clovis-guillemot in https://github.com/nodejs/undici/pull/2983
• fix: make EventSource properties enumerable by @​MattBidewell in https://github.com/nodejs/undici/pull/2987
• docs: ✏️ fixed benchmark links by @​benhalverson in https://github.com/nodejs/undici/pull/2991
• fix(#​2986): bad start check by @​metcoder95 in https://github.com/nodejs/undici/pull/2992
• fix(H2 Client): bind stream 'data' listener only after received 'response' event by @​St3ffGv4 in https://github.com/nodejs/undici/pull/2985
• feat: added search input by @​benhalverson in https://github.com/nodejs/undici/pull/2993
• chore: validate responses can be consumed without a Content-Length or… by @​jacob-ebey in https://github.com/nodejs/undici/pull/2995
• fix error message by @​KhafraDev in https://github.com/nodejs/undici/pull/2998
• Revert "perf: reuse TextDecoder instance (#​2863)" by @​panva in https://github.com/nodejs/undici/pull/2999
• test: remove only by @​metcoder95 in https://github.com/nodejs/undici/pull/3001

New Contributors

• @​Xvezda made their first contribution in https://github.com/nodejs/undici/pull/2971
• @​peterver made their first contribution in https://github.com/nodejs/undici/pull/2980
• @​clovis-guillemot made their first contribution in https://github.com/nodejs/undici/pull/2983
• @​MattBidewell made their first contribution in https://github.com/nodejs/undici/pull/2987
• @​benhalverson made their first contribution in https://github.com/nodejs/undici/pull/2991
• @​St3ffGv4 made their first contribution in https://github.com/nodejs/undici/pull/2985
• @​jacob-ebey made their first contribution in https://github.com/nodejs/undici/pull/2995

Full Changelog: nodejs/undici@v6.10.0...v6.10.2

v6.10.1

Compare Source

v6.10.0

Compare Source

What's Changed

• test: fix flakyness of issue-803 test by @​Uzlopak in https://github.com/nodejs/undici/pull/2960
• Cleanup format by @​KhafraDev in https://github.com/nodejs/undici/pull/2959
• Chore: run tests daily against node nightly by @​mweberxyz in https://github.com/nodejs/undici/pull/2969
• fix: fix retry handler option by @​acommodari in https://github.com/nodejs/undici/pull/2962
• build(deps): bump node from 4999fa1 to 577f8eb in /build by @​dependabot in https://github.com/nodejs/undici/pull/2974
• feat(TS): add types for composed dispatchers by @​metcoder95 in https://github.com/nodejs/undici/pull/2967
• fix: count for error response and network errors by @​metcoder95 in https://github.com/nodejs/undici/pull/2966

New Contributors

• @​mweberxyz made their first contribution in https://github.com/nodejs/undici/pull/2969
• @​acommodari made their first contribution in https://github.com/nodejs/undici/pull/2962

Full Changelog: nodejs/undici@v6.9.0...v6.10.0

v6.9.0

Compare Source

What's Changed

• feat: add new dispatch compose by @​metcoder95 in https://github.com/nodejs/undici/pull/2826
• ci: add macos-latest to test-matrix by @​Uzlopak in https://github.com/nodejs/undici/pull/2952
• types: align RequestInit.body type with lib.dom.ts by @​jdufresne in https://github.com/nodejs/undici/pull/2956
• ci: pin versions of github actions by @​UlisesGascon in https://github.com/nodejs/undici/pull/2957
• fetch: improve output for FormData, Response, Request by @​mertcanaltin in https://github.com/nodejs/undici/pull/2955
• perf: optimize collectASequenceOfBytes by @​tsctx in https://github.com/nodejs/undici/pull/2958

New Contributors

• @​jdufresne made their first contribution in https://github.com/nodejs/undici/pull/2956
• @​UlisesGascon made their first contribution in https://github.com/nodejs/undici/pull/2957

Full Changelog: nodejs/undici@v6.8.0...v6.9.0

v6.8.0

Compare Source

What's Changed

• fix: send correct SNI for proxy connections by @​chrros95 in https://github.com/nodejs/undici/pull/2939
• build(deps): bump node from 8bf9240 to 7bfef1d in /build by @​dependabot in https://github.com/nodejs/undici/pull/2937
• fetch: improve util.inspect output for web specifications by @​mertcanaltin in https://github.com/nodejs/undici/pull/2938
• ci: fix broken ci on windows and node v21 because of libuv bug by @​Uzlopak in https://github.com/nodejs/undici/pull/2941
• perf: improve getResolveErrorBodyCallback by @​Uzlopak in https://github.com/nodejs/undici/pull/2940
• fix: don't assign kAgent twice by @​ronag in https://github.com/nodejs/undici/pull/2942
• perf: dump immediatly if known size exceeds limit by @​ronag in https://github.com/nodejs/undici/pull/2882
• build(deps): bump node from 7bfef1d to 4999fa1 in /build by @​dependabot in https://github.com/nodejs/undici/pull/2946
• try to fix windows failure by @​ronag in https://github.com/nodejs/undici/pull/2950
• perf: improve parsing form-data by @​tsctx in https://github.com/nodejs/undici/pull/2944

New Contributors

• @​chrros95 made their first contribution in https://github.com/nodejs/undici/pull/2939

Full Changelog: nodejs/undici@v6.7.1...v6.8.0

v6.7.1

Compare Source

What's Changed

• fetch: use EOL of os-module by @​Uzlopak in https://github.com/nodejs/undici/pull/2915
• ci: only send codecov from ubuntu and node by @​Uzlopak in https://github.com/nodejs/undici/pull/2914
• tests: improve skip for unix.js tests, remove skipped tests by @​Uzlopak in https://github.com/nodejs/undici/pull/2916
• chore: fix typo in isHistoryNavigation comments by @​kachick in https://github.com/nodejs/undici/pull/2920
• fix(benchmark): set body correctly by @​tsctx in https://github.com/nodejs/undici/pull/2918
• chore: increase test coverage to 100% for /lib/api/api-request.js by @​Uzlopak in https://github.com/nodejs/undici/pull/2912
• fix: chunksDecode cuts off 3 characters at the end if having BOM by @​Uzlopak in https://github.com/nodejs/undici/pull/2922
• docs: clarify URI parsing behavior of ProxyAgent constructor by @​rossilor95 in https://github.com/nodejs/undici/pull/2893
• implement sync formdata parser by @​KhafraDev in https://github.com/nodejs/undici/pull/2911
• Fix docs links and add examples to sidebar by @​tastypackets in https://github.com/nodejs/undici/pull/2895
• doc: update diagnostics channel request headers type change by @​jessezhang91 in https://github.com/nodejs/undici/pull/2925
• perf: optimize getResolveErrorBodyCallback by @​tsctx in https://github.com/nodejs/undici/pull/2921
• override request dispatcher from init by @​matthieusieben in https://github.com/nodejs/undici/pull/2928
• add busboy tests by @​KhafraDev in https://github.com/nodejs/undici/pull/2924
• fix(benchmark): make it fair by @​tsctx in https://github.com/nodejs/undici/pull/2929
• Revert "chore: remove no-simd wasm" by @​Uzlopak in https://github.com/nodejs/undici/pull/2935
• build(deps): bump node from d3271e4 to 8bf9240 in /build by @​dependabot in https://github.com/nodejs/undici/pull/2936
• Flip link between docs and README by @​mcollina in https://github.com/nodejs/undici/pull/2933

New Contributors

• @​kachick made their first contribution in https://github.com/nodejs/undici/pull/2920
• @​tastypackets made their first contribution in https://github.com/nodejs/undici/pull/2895
• @​jessezhang91 made their first contribution in https://github.com/nodejs/undici/pull/2925
• @​matthieusieben made their first contribution in https://github.com/nodejs/undici/pull/2928

Full Changelog: nodejs/undici@v6.7.0...v6.7.1

v6.7.0

Compare Source

What's Changed

• test: remove t.diagnostics() calls in push-dont-push.js test by @​Uzlopak in https://github.com/nodejs/undici/pull/2715
• fix: fix flaky debug test by @​Uzlopak in https://github.com/nodejs/undici/pull/2714
• fix: HTTP2 tweaks by @​metcoder95 in https://github.com/nodejs/undici/pull/2711
• test: improve cookie tests by @​Uzlopak in https://github.com/nodejs/undici/pull/2693
• test: response.url after redirect is set to target url by @​Uzlopak in https://github.com/nodejs/undici/pull/2716
• chore: remove mocha and chai by @​Uzlopak in https://github.com/nodejs/undici/pull/2696
• test: replace t.pass with t.ok by @​Uzlopak in https://github.com/nodejs/undici/pull/2721
• perf: remove redundant operation in FormData by @​tsctx in https://github.com/nodejs/undici/pull/2726
• Add support for passing iterable objects as headers by @​JaoodxD in https://github.com/nodejs/undici/pull/2708
• chore: refine esbuild & node detection by @​mochaaP in https://github.com/nodejs/undici/pull/2677
• chore: rephrase some comments by @​Uzlopak in https://github.com/nodejs/undici/pull/2717
• test: replace t.type with t.ok and instanceof by @​Uzlopak in https://github.com/nodejs/undici/pull/2720
• remove useless options in web streams by @​KhafraDev in https://github.com/nodejs/undici/pull/2729
• Let's add superagent to the benchmark. closes #​2730 by @​eddienubes in https://github.com/nodejs/undici/pull/2731
• convert node build to latin1 by @​KhafraDev in https://github.com/nodejs/undici/pull/2673
• simplify formData body parsing by @​KhafraDev in https://github.com/nodejs/undici/pull/2735
• chore: migrate a batch of tests to node test runner no. 1 by @​Uzlopak in https://github.com/nodejs/undici/pull/2719
• chore: migrate a batch of tests to node test runner no. 2 by @​Uzlopak in https://github.com/nodejs/undici/pull/2737
• chore: migrate a batch of tests to node test runner no. 4 by @​Uzlopak in https://github.com/nodejs/undici/pull/2739
• chore: migrate a batch of tests to node test runner no. 5 by @​Uzlopak in https://github.com/nodejs/undici/pull/2740
• chore: migrate a batch of tests to node test runner no. 3 by @​Uzlopak in https://github.com/nodejs/undici/pull/2738
• chore: migrate a batch of tests to node test runner no. 6 by @​Uzlopak in https://github.com/nodejs/undici/pull/2741
• chore: migrate a batch of tests to node test runner no. 8 by @​Uzlopak in https://github.com/nodejs/undici/pull/2744
• chore: migrate a batch of tests to node test runner no. 7 by @​Uzlopak in https://github.com/nodejs/undici/pull/2742
• build(deps-dev): bump cronometro from 2.0.2 to 3.0.1 by @​dependabot in https://github.com/nodejs/undici/pull/2749
• perf: always use the same prototype Iterator by @​tsctx in https://github.com/nodejs/undici/pull/2743
• chore: migrate a batch of tests to node test runner no. 9, remove tap by @​Uzlopak in https://github.com/nodejs/undici/pull/2746
• chore: remove usage of http-errors in proxy example by @​Uzlopak in https://github.com/nodejs/undici/pull/2753
• fix: dont ship wasm files of llhttp via npm by @​Uzlopak in https://github.com/nodejs/undici/pull/2752
• fix: handle request body as late as possible by @​ronag in https://github.com/nodejs/undici/pull/2734
• perf(tree): avoid recursive calls by @​tsctx in https://github.com/nodejs/undici/pull/2755
• docs: fix favicon by @​Uzlopak in https://github.com/nodejs/undici/pull/2758
• chore: use mermaid engine and mermaid in markdown by @​Uzlopak in https://github.com/nodejs/undici/pull/2759
• chore: remove sinon dev dependency by @​Uzlopak in https://github.com/nodejs/undici/pull/2767
• tests: skip test/node-test/debug on node 21.6.2 and windows by @​Uzlopak in https://github.com/nodejs/undici/pull/2765
• chore: improve usage of skip in tests by @​Uzlopak in https://github.com/nodejs/undici/pull/2761
• feat: improve mock error breadcrumbs by @​rossilor95 in https://github.com/nodejs/undici/pull/2774
• expose MessageEvent in fetch bundle by @​KhafraDev in https://github.com/nodejs/undici/pull/2770
• test: always exit with 0 when running in Node's Daily WPT Report CI job by @​panva in https://github.com/nodejs/undici/pull/2778
• fix: add node prefix for util to fix issue in env with min version node 18 by @​riderx in https://github.com/nodejs/undici/pull/2775
• perf: improve perf of parseRawHeaders by @​Uzlopak in https://github.com/nodejs/undici/pull/2781
• fix: make mock-agent.js test more resilient by @​Uzlopak in https://github.com/nodejs/undici/pull/2780
• chore: make some test run even without internet connection by @​Uzlopak in https://github.com/nodejs/undici/pull/2786
• mock: improve validateReplyParameters by @​Uzlopak in https://github.com/nodejs/undici/pull/2783
• perf: improve TernarySearchTree by @​Uzlopak in https://github.com/nodejs/undici/pull/2782
• fix: convert HeadersInit to sequence/dictionary correctly by @​KhafraDev in https://github.com/nodejs/undici/pull/2784
• chore: improve getFieldValue by @​Uzlopak in https://github.com/nodejs/undici/pull/2785
• Add RetryHandler to sidebar by @​mcollina in https://github.com/nodejs/undici/pull/2797
• Add RetryAgent by @​mcollina in https://github.com/nodejs/undici/pull/2798
• build(deps): bump step-security/harden-runner from 2.6.0 to 2.7.0 by @​dependabot in https://github.com/nodejs/undici/pull/2690
• build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @​dependabot in https://github.com/nodejs/undici/pull/2393
• build(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1 by @​dependabot in https://github.com/nodejs/undici/pull/2799
• build(deps): bump node from 20-alpine to 21-alpine in /build by @​dependabot in https://github.com/nodejs/undici/pull/2803
• perf: improve sort algorithm by @​tsctx in https://github.com/nodejs/undici/pull/2756
• refactor: move web stuff into their own folder by @​ronag in https://github.com/nodejs/undici/pull/2793
• s/ dispactgher/dispatcher/ by @​steveluscher in https://github.com/nodejs/undici/pull/2807
• Use paralellelRequests instead of connections to calculate req/sec in benchmarks by @​mcollina in https://github.com/nodejs/undici/pull/2800
• Split out documentation into separate directory by @​Ethan-Arrowood in https://github.com/nodejs/undici/pull/2788
• build(deps): bump fastify/github-action-merge-dependabot from 3.9.1 to 3.10.1 by @​dependabot in https://github.com/nodejs/undici/pull/2820
• build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.3 by @​dependabot in https://github.com/nodejs/undici/pull/2821
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.4 by @​dependabot in https://github.com/nodejs/undici/pull/2818
• build(deps): bump actions/setup-node from 4.0.1 to 4.0.2 by @​dependabot in https://github.com/nodejs/undici/pull/2819
• fix: move CNAME and .nojekyll to root by @​Uzlopak in https://github.com/nodejs/undici/pull/2822
• remove all fetchParam event handlers by @​KhafraDev in https://github.com/nodejs/undici/pull/2823
• feat: refactor ProxyAgent constructor to also accept single URL argument by @​rossilor95 in https://github.com/nodejs/undici/pull/2810
• fix: isCTLExcludingHtab by @​Uzlopak in https://github.com/nodejs/undici/pull/2790
• refactor: move files into logical folders by @​ronag in https://github.com/nodejs/undici/pull/2813
• refactor: move fixed-queeu to dispatcher and rm node folder by @​ronag in https://github.com/nodejs/undici/pull/2827
• chore: create package.json in benchmarks by @​Uzlopak in https://github.com/nodejs/undici/pull/2766
• build(deps): bump github/codeql-action from 3.24.4 to 3.24.5 by @​dependabot in https://github.com/nodejs/undici/pull/2829
• chore: use lts for pubish types workflow by @​Uzlopak in https://github.com/nodejs/undici/pull/2830
• add dispatcher option to Request by @​KhafraDev in https://github.com/nodejs/undici/pull/2831
• fix url referrer wpt by @​KhafraDev in https://github.com/nodejs/undici/pull/2832
• refactor: remove own sort logic by @​tsctx in https://github.com/nodejs/undici/pull/2834
• fix(fetch): prevent crash when fetch is aborted with null as the AbortSignal's reason by @​steveluscher in https://github.com/nodejs/undici/pull/2833
• refactor: avoid http2 dynamic dispatch in socket handlers by @​ronag in https://github.com/nodejs/undici/pull/2839
• build(deps-dev): bump proxy from 1.0.2 to 2.1.1 by @​dependabot in https://github.com/nodejs/undici/pull/2137
• perf(tree): reduce overhead of build TernarySearchTree by @​tsctx in https://github.com/nodejs/undici/pull/2840
• webidl: implement resizable arraybuffer checks by @​KhafraDev in https://github.com/nodejs/undici/pull/2094
• websocket server only needs to reply with a single subprotocol by @​KhafraDev in https://github.com/nodejs/undici/pull/2845
• unite webidl stringification by @​KhafraDev in https://github.com/nodejs/undici/pull/2843
• fix: deflake connect-timeout test by @​Uzlopak in https://github.com/nodejs/undici/pull/2851
• fix: coverage reporting by @​Uzlopak in https://github.com/nodejs/undici/pull/2763
• fix: pipelining logic is not relevant for h2 by @​ronag in https://github.com/nodejs/undici/pull/2850
• processBody doesn't need to return a promise by @​KhafraDev in https://github.com/nodejs/undici/pull/2858
• refactor: split client into client-h1/h2 by @​ronag in https://github.com/nodejs/undici/pull/2848
• ci: fix concurrency by @​Uzlopak in https://github.com/nodejs/undici/pull/2862
• perf: improve performance of isValidSubprotocol by @​Uzlopak in https://github.com/nodejs/undici/pull/2861
• perf: reuse TextDecoder instance by @​Uzlopak in https://github.com/nodejs/undici/pull/2863
• chore: restructure benchmarks, use kebab-case by @​Uzlopak in https://github.com/nodejs/undici/pull/2864
• cookies: improve perf of toIMFDate by @​Uzlopak in https://github.com/nodejs/undici/pull/2867
• cookies: fix validateCookiePath by @​Uzlopak in https://github.com/nodejs/undici/pull/2866
• refactor: move out more h2 from core client by @​ronag in https://github.com/nodejs/undici/pull/2860
• mock: improve test coverage of buildHeadersFromArray by @​Uzlopak in https://github.com/nodejs/undici/pull/2872
• fix: remove broken build request hack by @​ronag in https://github.com/nodejs/undici/pull/2874
• chore: filenames should use kebab-case by @​Uzlopak in https://github.com/nodejs/undici/pull/2873
• refactor: split out last h1 specific code from core by @​ronag in https://github.com/nodejs/undici/pull/2876
• fix: make pipelining limit work for h2 by @​ronag in https://github.com/nodejs/undici/pull/2875
• fix: http2 doesn't have pipelining queue by @​ronag in https://github.com/nodejs/undici/pull/2878
• fix: minor connect cleanup by @​ronag in https://github.com/nodejs/undici/pull/2877
• Request headers types by @​JaoodxD in https://github.com/nodejs/undici/pull/2879
• ci: remove concurrency by @​Uzlopak in https://github.com/nodejs/undici/pull/2880
• fix: prefer queueMicrotask by @​ronag in https://github.com/nodejs/undici/pull/2881
• chore: remove no-simd wasm by @​Uzlopak in https://github.com/nodejs/undici/pull/2871
• cookies: improve validateCookieValue by @​Uzlopak in https://github.com/nodejs/undici/pull/2883
• cookies: improve validateCookieName by @​Uzlopak in https://github.com/nodejs/undici/pull/2884
• Properly parse set-cookie header using http2 by @​jeanp413 in https://github.com/nodejs/undici/pull/2886
• doc deprecate bodymixin.formData by @​KhafraDev in https://github.com/nodejs/undici/pull/2892
• perf: optimize check invalid field-vchar by @​tsctx in https://github.com/nodejs/undici/pull/2889
• build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @​dependabot in https://github.com/nodejs/undici/pull/2897
• fix issue 2898 by @​KhafraDev in https://github.com/nodejs/undici/pull/2900
• tests: ignore catch block when requiring crypto module by @​Uzlopak in https://github.com/nodejs/undici/pull/2901
• websocket: remove dead code in parseCloseBody by @​Uzlopak in https://github.com/nodejs/undici/pull/2902
• fix: tests dont need process.exit by @​Uzlopak in https://github.com/nodejs/undici/pull/2909
• chore: remove proxyquire by @​Uzlopak in https://github.com/nodejs/undici/pull/2906
• chore: remove import-fresh as devDependency by @​Uzlopak in https://github.com/nodejs/undici/pull/2908
• perf(headers): a single set-cookie by @​tsctx in https://github.com/nodejs/undici/pull/2903
• websocket: improve .close() by @​Uzlopak in https://github.com/nodejs/undici/pull/2865
• feat: add sending data benchmark by @​tsctx in https://github.com/nodejs/undici/pull/2905
• ci: integrate workflows into nodejs.yml by @​Uzlopak in https://github.com/nodejs/undici/pull/2899

New Contributors

• @​JaoodxD made their first contribution in https://github.com/nodejs/undici/pull/2708
• @​eddienubes made their first contribution in https://github.com/nodejs/undici/pull/2731
• @​riderx made their first contribution in https://github.com/nodejs/undici/pull/2775
• @​steveluscher made their first contribution in https://github.com/nodejs/undici/pull/2807
• @​jeanp413 made their first contribution in https://github.com/nodejs/undici/pull/2886

Full Changelog: nodejs/undici@v6.6.2...v6.7.0

v6.6.2

Compare Source

What's Changed

• fix: webidl.brandcheck non strict should throw by @​Uzlopak in https://github.com/nodejs/undici/pull/2683
• fix: expose EventSource for nodejs by @​Uzlopak in https://github.com/nodejs/undici/pull/2645
• test: more information from debug tests by @​Uzlopak in https://github.com/nodejs/undici/pull/2695
• Fix broken test on linux by @​mcollina in https://github.com/nodejs/undici/pull/2699
• fix: fix the linux patch by @​Uzlopak in https://github.com/nodejs/undici/pull/2703
• test(wpt): mark timed out tests as 'failed' by @​rossilor95 in https://github.com/nodejs/undici/pull/2644
• build(deps-dev): bump borp from 0.5.0 to 0.9.1 by @​dependabot in https://github.com/nodejs/undici/pull/2702
• perf: use insertion sort algorithm by @​tsctx in https://github.com/nodejs/undici/pull/2706
• fix: run node tests on merge by @​Uzlopak in https://github.com/nodejs/undici/pull/2707

New Contributors

• @​rossilor95 made their first contribution in https://github.com/nodejs/undici/pull/2644

Full Changelog: nodejs/undici@v6.6.1...v6.6.2

v6.6.1

Compare Source

⚠️ Security Release ⚠️

Details on the vulnerabilities fixed will be shared in the next couple of days.

What's Changed

• fix: flaky debug test by @​Uzlopak in https://github.com/nodejs/undici/pull/2687
• build(deps): bump github/codeql-action from 3.22.12 to 3.23.2 by @​dependabot in https://github.com/nodejs/undici/pull/2688
• build(deps): bump actions/dependency-review-action from 3.1.0 to 4.0.0 by @​dependabot in https://github.com/nodejs/undici/pull/2689
• fix: ci pipeline warnings by @​Uzlopak in https://github.com/nodejs/undici/pull/2685
• perf: optimize Iterator by @​tsctx in https://github.com/nodejs/undici/pull/2692

Full Changelog: nodejs/undici@v6.6.0...v6.6.1

v6.6.0

Compare Source

What's Changed

• add webSocket example by @​mertcanaltin in https://github.com/nodejs/undici/pull/2626
• chore: remove atomic-sleep as dev dependency by @​Uzlopak in https://github.com/nodejs/undici/pull/2648
• chore: remove semver as dev dependency by @​Uzlopak in https://github.com/nodejs/undici/pull/2646
• chore: remove table as dev dependency by @​Uzlopak in https://github.com/nodejs/undici/pull/2649
• chore: remove delay as dev dependency by @​Uzlopak in https://github.com/nodejs/undici/pull/2647
• chore: reduce noise in test-logs test/issue-2349.js by @​Uzlopak in https://github.com/nodejs/undici/pull/2655
• chore: fix faketimer warning in test/request-timeout.js by @​Uzlopak in https://github.com/nodejs/undici/pull/2656
• chore: reduce noise in test logs test/client-node-max-header-size.js by @​Uzlopak in https://github.com/nodejs/undici/pull/2654
• refactor: use fromInnerResponse by @​tsctx in https://github.com/nodejs/undici/pull/2635
• fix: support deflate raw responses by @​Uzlopak in https://github.com/nodejs/undici/pull/2650
• Support building for externally shared js builtins by @​mochaaP in https://github.com/nodejs/undici/pull/2643
• fix: typo clampAndCoarsenConnectionTimingInfo by @​Uzlopak in https://github.com/nodejs/undici/pull/2653
• chore: use 'node:'-prefix for requiring node core modules by @​Uzlopak in https://github.com/nodejs/undici/pull/2662
• build(deps-dev): bump husky from 8.0.3 to 9.0.7 by @​dependabot in https://github.com/nodejs/undici/pull/2667
• build(deps-dev): bump cronometro from 1.2.0 to 2.0.2 by @​dependabot in https://github.com/nodejs/undici/pull/2668
• remove timers/promises import by @​KhafraDev in https://github.com/nodejs/undici/pull/2665
• chore: fix various codesmells by @​Uzlopak in https://github.com/nodejs/undici/pull/2669
• chore: remove this alias in agent.js by @​Uzlopak in https://github.com/nodejs/undici/pull/2671
• chore: use optional chaining by @​Uzlopak in https://github.com/nodejs/undici/pull/2666
• chore: small perf improvements by @​Uzlopak in https://github.com/nodejs/undici/pull/2661
• implement spec changes from a while ago by @​KhafraDev in https://github.com/nodejs/undici/pull/2676
• websocket: fix close when no closing code is received by @​KhafraDev in https://github.com/nodejs/undici/pull/2680
• fix: make ci less flaky by @​Uzlopak in https://github.com/nodejs/undici/pull/2684

New Contributors

• @​mochaaP made their first contribution in https://github.com/nodejs/undici/pull/2643

Full Changelog: nodejs/undici@v6.5.0...v6.6.0

v6.5.0

Compare Source

What's Changed

• build(deps-dev): bump jsdom from 23.2.0 to 24.0.0 by @​dependabot in https://github.com/nodejs/undici/pull/2632
• feat: Implement EventSource by @​Uzlopak in https://github.com/nodejs/undici/pull/2608
• fix: readable body by @​ronag in https://github.com/nodejs/undici/pull/2642

Full Changelog: nodejs/undici@v6.4.0...v6.5.0

v6.4.0

Compare Source

What's Changed

• refactor: version cleanup by @​tsctx in https://github.com/nodejs/undici/pull/2605
• cacheStorage: separate matchAll logic by @​KhafraDev in https://github.com/nodejs/undici/pull/2599
• cleanup index by @​KhafraDev in https://github.com/nodejs/undici/pull/2598
• feat: port balanced-pool, ca-fingerprint, client-abort tests to node:test by @​sosukesuzuki in https://github.com/nodejs/undici/pull/2584
• ci: unpin nodejs workflow version by @​dominykas in https://github.com/nodejs/undici/pull/2434
• test(#​2600): Flaky debug test by @​metcoder95 in https://github.com/nodejs/undici/pull/2607
• fix: h2 hang issue with empty body by @​timursevimli in https://github.com/nodejs/undici/pull/2601
• Fix tests for Node.js v21 by @​sosukesuzuki in https://github.com/nodejs/undici/pull/2609
• perf(cache): avoid Request and Response initialization by @​tsctx in https://github.com/nodejs/undici/pull/2610
• Add more libraries to benchmarks by @​mcollina in https://github.com/nodejs/undici/pull/2614
• feat: port client-connect, client-dispatch, client-errors test to node:test by @​sosukesuzuki in https://github.com/nodejs/undici/pull/2591
• exit with 1 if WPT runner has unexpected errors by @​KhafraDev in https://github.com/nodejs/undici/pull/2621
• Fix tests for Node.js v20.11.0 by @​mcollina in https://github.com/nodejs/undici/pull/2618
• fix(mock-agent): split set-cookie by @​tsctx in https://github.com/nodejs/undici/pull/2619
• feat: implement throwOnMaxRedirect option for RedirectHandler by @​mertcanaltin in https://github.com/nodejs/undici/pull/2563
• test: fix flaky debug test by @​metcoder95 in https://github.com/nodejs/undici/pull/2613
• fix: hide statusOutput if empty in handleRunnerCompletion by @​Uzlopak in https://github.com/nodejs/undici/pull/2624
• docs: Fix typo in Debug.md by @​Skn0tt in https://github.com/nodejs/undici/pull/2625
• fix(cache): set AbortSignal by @​tsctx in https://github.com/nodejs/undici/pull/2612
• Use correct http Agent for node-fetch, axios, got and request by @​mcollina in https://github.com/nodejs/undici/pull/2629

New Contributors

• @​timursevimli made their first contribution in https://github.com/nodejs/undici/pull/2601
• @​mertcanaltin made their first contribution in https://github.com/nodejs/undici/pull/2563
• @​Skn0tt made their first contribution in https://github.com/nodejs/undici/pull/2625

Full Changelog: nodejs/undici@v6.3.0...v6.4.0

v6.3.0

Compare Source

What's Changed

• Clear all timeout on destroy and close by @​mcollina in https://github.com/nodejs/undici/pull/2535
• ConnectOptions should include 'origin' field by @​dvoytenko in https://github.com/nodejs/undici/pull/2532
• perf: avoid toLowerCase call by @​tsctx in https://github.com/nodejs/undici/pull/2537
• revert a1a8136 by @​KhafraDev in https://github.com/nodejs/undici/pull/2539
• docs: add Util to sidebar by @​tsctx in https://github.com/nodejs/undici/pull/2529
• fix: call explicitly unregister by @​tsctx in https://github.com/nodejs/undici/pull/2534
• fix: check the content-type of invalid formData by @​tsctx in https://github.com/nodejs/undici/pull/2541
• Add request examples. by @​autopulated in https://github.com/nodejs/undici/pull/2380
• fix(HTTP/2): handle consumption of aborted request by @​metcoder95 in https://github.com/nodejs/undici/pull/2387
• chore: update tst test by @​tsctx in https://github.com/nodejs/undici/pull/2538
• fix(fetch): do not abort fetch on redirect by @​angelyan in https://github.com/nodejs/undici/pull/2545
• drop verifyVersion in scripts by @​KhafraDev in https://github.com/nodejs/undici/pull/2549
• types: remove unused Client and Pool types by @​RafaelGSS in https://github.com/nodejs/undici/pull/2557
• lib: fix Host header when CONNECT ProxyAgent by @​RafaelGSS in https://github.com/nodejs/undici/pull/2556
• feat: port cookies tests to node runner by @​pmarchini in [https://github.com/feat: port cookies tests to node runner nodejs/undici#2547](h

---

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[changeset-bot]

⚠️ No Changeset found

Latest commit: d67c119

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
panda-docs	❌ Failed (Inspect)		Apr 4, 2024 4:24pm
panda-playground	❌ Failed (Inspect)		Apr 4, 2024 4:24pm
panda-studio	❌ Failed (Inspect)		Apr 4, 2024 4:24pm

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 6.x releases. But if you manually upgrade to 6.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.